Index
Cover Page
Half Title Page
Title Page
Copyright Page
Dedication Page
Contents Page
Preface Page
1 Business Impact of Emerging Technologies and Trends
Introduction
Artificial Intelligence
Augmented Reality
Blockchain Technology
Drones
Applying for a Drone License for Commercial Use
Internet of Things
Robotics
3D Printing
Virtual Reality
Change in the Way Business Is Done
Some Prevalent Types of Computing
Risks Surrounding Business and Technology Connected to Them
Need for Compliance
Use of Tools to Ease the Compliance Process
Building a Compliance Framework
Conclusion
2 Challenges and Roadblocks to Compliance
The Pain Points in GRC
NIST Cybersecurity Framework
Compliance Can Be Attested or Assurance Function
Challenges to Address Security Governance in the Organization
To Combat Incidence of Security Breaches
Existence of Skill Gaps
Challenge of Connected Devices
Changing Face of Technology
Data Governance
Data Governance Serves to Overcome the Following Obstacles
Delay in Submission of Compliance Reports
Avoids Breach of Data Integrity by Secure Access
Removes the Fear of Wrong Comprehension of Data and Data Subjects
Allows Better Centralized Control Over Compliance and Other Data
Data Governance Brings Autonomy and Reduces the Dependence on Individual Employees
Size of Data
Existence of Legacy Data
Regulatory Requirements of Business Continuity
Challenges in Cloud Computing
Challenges with Cloud Services
Security Issues
Cost Management and Containment
Lack of Resources or Expertise
Governance/Control
Compliance
Managing Multiple Clouds
Performance
Segmented Usage and Adoption
Migration
Compliance Issues for Specific Industries
Challenges in Healthcare Industry
Healthcare’s Attack Surface Is Growing
Use of Old Hardware and Software
Healthcare Gives Low Priority to Cybersecurity Risks
Healthcare Is Interconnected
Stolen Healthcare Data Is Valuable
Patients Are Given Access Rights to Medical Data
Limited Budget for Cybersecurity
Lack of Cybersecurity Education
Healthcare Industry to Comply with GDPR
Change in Legal and Regulatory Provisions
There Is No Accountability for Cybersecurity
HITRUST
Compliance Challenges for Banking and Financial Services
Acute Competition
Increase in Breaches
Changing Business Models
Addressing Issues of Making a ‘Global Footprint’
Adapting to Rapid Changes
Technology Challenge
Supervisory Pressure
Use of Mobile Banking Applications
Some Banking-Related Compliances
SOX Compliance and Data Security
Top Compliance Challenges Facing Logistics Industry
Third-Party Service Providers
Challenges in Implementation of GDPR
Keeping Abreast of Changes
Maintaining Accountability and Transparency in Operations
Complex Technology That Is Constantly Being Added to the Suite
Lack of Awareness, Education, and Cultural Barriers
Ensuring Third-Party Compliance
Data Breaches and Cyberattacks
Build Strong and Adaptable Foundations
Conduct Due Diligence on Third-Party Service Providers
Embed a Security- and Compliance-Aware Business Culture
Obtaining Right Skill Sets for Technology
Make Security and Data Protection a Priority
Monitoring and Reporting
Need for a Well-Drafted Compliance Plan
ePrivacy Regulation
Security Policy Implementation
Employees Are Assets but Sometimes Pose a Challenge
Conclusion
Coming Next …
3 Adopting an Integrated Approach
PDCA Approach to Building Organizational Framework
Categories of Compliance
Weaving Compliance into the Organizational Setup
Appointment of a Compliance Officer
Understanding Organizational Processes and Structure
Compliance Analytics for Identifying and Validating Compliance Requirements
Conducting Compliance Risk Assessment
Compliance Analytics Is an Ongoing Program
Choosing and Tailoring an Appropriate GRC Framework
Steps in Building a GRC Framework
Stakeholder Participation in GRC Strategy
Building a Hybrid Security Framework
Finding a Right Fit
Components of GRC Framework
Information Security Governance Framework
Cybersecurity Framework, a Part of Security Governance
Other Frameworks
Risk Governance/Framework
Risk Identification
Risk Monitoring and Reporting
Risk Governance
Common Risk Frameworks
Risk IT Framework (ISACA)
IRGC Risk Framework
Formulating an Integrated Compliance Framework
Compliance Programs
Automation for Better Compliance
Compliance Requirements of Partner Organization and Due Diligence during Contract Signing
Compliance Training
Compliance Audit
Follow-Up Action by Management
Conclusion
Going Further …
4 Compliance Frameworks – Possible Solutions
IT Governance
Compliance Standards and Guidelines
IT Governance Frameworks
COSO (Committee of Sponsoring Organizations)
COBIT (Control Objectives for Information Technology)
ITIL
Sarbanes–Oxley Compliance
ISO/IEC 38500
Strengths
Constraints
Advantages of ISO/IEC 38500 – IT Governance
Risk Frameworks
ISO 31000:2009, Risk Management
IEC 31010, Risk Management
FAIR (Factor Analysis of Information Risk)
The International Risk Governance Council (IRGC)
Enterprise Risk Management (ERM)
NIST Cybersecurity Framework
Octave
CIS Critical Security Controls
Regulatory Compliance
Global Data Protection Regulation (GDPR)
HITRUST
HIPAA
Industry-Specific Standards
PCI DSS (Payment Card Industry Data Security Standard)
Building a Hybrid Security Framework
Types of SOC Reports
Security
Availability
Processing Integrity
Confidentiality
Privacy
Certification Readiness
Points of Focus in an SOC 2 Audit
Annexure A
Annexure B
Annexure C
Annexure D
5 Adoption of a Customized Approach to Compliance
Setting Right Business Imperatives
Need for an Integrated Compliance Framework
Mapping of Key Controls
Planning an Integrated Framework Befitting the Business and Scale of Operations
In Building the Business Case, the Following Factors Have to Be Considered
Why Compliance Standards Exist?
Options for Building a GRC Framework
Components of GRC Framework
Some Existing GRC Structures
The Three Lines of Defense Model for Management Oversight
The First Line of Defense (Functions that Own and Manage Risks)
The Second Line of Defense (Stands for Functions that Specialize in the Compliance and/or Management of Risk)
The Third Line of Defense (Independent Assurance)
Integrated Cybersecurity Governance Model
Integrated Management System (or IMS)
How to Define a Compliance Framework for the Organization
Determining Costs of Compliance
Key Capabilities of a GRC Framework
Compliance Capabilities Desired by Organizations
Purpose of a Compliance Program
How to Build an Integrated Framework for Compliance
Considerations at the Time of Initiating an Integrated Compliance Program
Key Assumptions in Implementing an Effective GRC Program Consists of
How to Stitch Multiple Controls Together for Overlapping Controls
Control Sheets for Various Standards
Implementing an Integration of Two or More Frameworks
Metrics to Be Set to Measure Performance
Reducing the Risk of Noncompliance
Critical Success Factors in Implementing an Integrated Compliance Program
Benefits of a Single Integrated Framework for Compliance
Internal Audit
Standardizing Audit Questions
IT Audit and Compliance
Conclusion
6 Activities/Phases for Achieving Integrated Compliance
Illustration 1
Forming a Comprehensive Baseline of Controls
Illustration 2
Conclusion
Annexure A
7 Designing an Operating Model for Risk and Compliance Aligned with the Business Model
GRC Drivers
OCEG Model
KPMG’s GRC Target Operating Model (TOM)
The Three Lines Model for GRC
GRC Model for Banks
Evolution of Virtual Banking Model
Monitoring and Control
Model Validation
Components of Validation
GRC Metrics and Measurements
Data Integrity
Model Control Practices
8 Next Steps – Through Automation
Need for an Integrated GRC Platform
Process of Integrating GRC Function
Working on a GRC Strategy for Transformation
Good to Keep a Suggestion Box
Commonality of Purpose Is Important
Creating a Strategic GRC Plan
Features of GRC Platforms
Criteria for Choice of GRC Application
1. It Should Be User-Friendly
2. Support Mobile Devices
3. Support Cloud Application
4. Security
5. Cost
6. Vendor Support
7. Automation
Identifying a Business-Ready GRC Solution
MIS Reporting
1. LogicManager
2. SAP’s GRC Offering
3. MetricStream GRC Platform
4. ServiceNow
5. The Cura Software GRC Management Platform
6. OneTrust
Speed of Digital Transformation
Three Principles for Organizational Redesign
Data Analytics
Compliance Analytics Techniques
ISO 19600 – A Certification for GRC
Governance Risk and Compliance Certification
Conclusion
Annexure A
Case Study 1
Case Study 2
Case Study 3
Case Study 4
Case Study 5
Index